26. Caesar Cipher
Z M S R
A N T S if encrypted with ROT(-1)
Sunday, April 25, 2010
27. Caesar Cipher
Z M S R
A N T S if encrypted with ROT(-1)
B O U T if encrypted with ROT(-2)
Sunday, April 25, 2010
28. /**
* A naively simple rotation cipher implementation.
* USAGE: groovy RotateWord.groovy <yourword>
*/
public class RotateWord {
/**
* Rotate one character by the specified amount
*/
private static char rotateChar(char c, int rotationAmount) {
//a == 97, z == 122
int num = (int)c
int rotated = num + rotationAmount
int adjusted
//Handle roll-around wrapping
Sunday, April 25, 2010
29. /**
* A naively simple rotation cipher implementation.
* USAGE: groovy RotateWord.groovy <yourword>
*/
public class RotateWord {
/**
* Rotate one character by the specified amount
*/
private static char rotateChar(char c, int rotationAmount) {
//a == 97, z == 122
int num = (int)c
int rotated = num + rotationAmount
int adjusted
//Handle roll-around wrapping
if (rotated > 122)
adjusted = rotated - 26
else if (rotated < 97)
adjusted = rotated + 26
else
adjusted = rotated
Sunday, April 25, 2010
30. public class RotateWord {
/**
* Rotate one character by the specified amount
*/
private static char rotateChar(char c, int rotationAmount) {
//a == 97, z == 122
int num = (int)c
int rotated = num + rotationAmount
int adjusted
//Handle roll-around wrapping
if (rotated > 122)
adjusted = rotated - 26
else if (rotated < 97)
adjusted = rotated + 26
else
adjusted = rotated
char adjustedChar = (char)adjusted
return adjustedChar
}
/**
Sunday, April 25, 2010
31. private static char rotateChar(char c, int rotationAmount) {
//a == 97, z == 122
int num = (int)c
int rotated = num + rotationAmount
int adjusted
//Handle roll-around wrapping
if (rotated > 122)
adjusted = rotated - 26
else if (rotated < 97)
adjusted = rotated + 26
else
adjusted = rotated
char adjustedChar = (char)adjusted
return adjustedChar
}
/**
* Rotate the entire String by the specified rotation amount.
*/
public static String rotateAllChars(String plainText, int rotationAmount) {
String encodedMessage = ""
Sunday, April 25, 2010
32. adjusted = rotated + 26
else
adjusted = rotated
char adjustedChar = (char)adjusted
return adjustedChar
}
/**
* Rotate the entire String by the specified rotation amount.
*/
public static String rotateAllChars(String plainText, int rotationAmount) {
String encodedMessage = ""
//Loop through each character in the plaintext
for (int i = 0; i < plainText.length(); i++) {
//TODO: Improve to handle upper and lower case letters
char c = plainText.toLowerCase().charAt(i)
encodedMessage += rotateChar(c, rotationAmount)
}
return encodedMessage
}
Sunday, April 25, 2010
33. return adjustedChar
}
/**
* Rotate the entire String by the specified rotation amount.
*/
public static String rotateAllChars(String plainText, int rotationAmount) {
String encodedMessage = ""
//Loop through each character in the plaintext
for (int i = 0; i < plainText.length(); i++) {
//TODO: Improve to handle upper and lower case letters
char c = plainText.toLowerCase().charAt(i)
encodedMessage += rotateChar(c, rotationAmount)
}
return encodedMessage
}
public static void main (String[] args) {
String originalword = args[0]
println "Rot(-3) Word: " + rotateAllChars(originalword, -3)
Sunday, April 25, 2010
38. Compromised
! Every algorithm is vulnerable
Sunday, April 25, 2010
39. Compromised
! Every algorithm is vulnerable
! Crack by brute force
Sunday, April 25, 2010
40. Compromised
! Every algorithm is vulnerable
! Crack by brute force
! Crack by rainbow tables
Sunday, April 25, 2010
41. Compromised
! Every algorithm is vulnerable
! Crack by brute force
! Crack by rainbow tables
! Function of time + money +
hardware
Sunday, April 25, 2010
44. $2000
Whic
h wo
uld y
ou hit
$ 50 ?
Sunday, April 25, 2010
45. JCE PRIMER
The world of Java crypto
Sunday, April 25, 2010
46. JCE PRIMER
The world of Java crypto
Sunday, April 25, 2010
47. Java Cryptography Extension
Known as JCE
Included in all JREs Since Java 1.2
Pluggable provider architecture
JCE extends Java Cryptography
Architecture (JCA)
Sunday, April 25, 2010
48. JCE Providers
Default Sun JRE Providers
SUN
SunJCE
SunJSSE
SunRsaSign
BouncyCastle Provider
Adds AES capabilities
Sunday, April 25, 2010
49. Registering a Provider
Static
<java-home>/lib/security/java.security
security.provider.n=masterClassName
Sunday, April 25, 2010
50. Registering a Provider
Dynamic
! java.security.Security class
addProvider()
insertProviderAt()
! Not persistent across VM instances
Sunday, April 25, 2010
51. Encryption &
the Law
country borders stop bits
Sunday, April 25, 2010
52. JCE Strength
! Jurisdiction Policy Files
! Two variants
! Algorithm strength differences
Sunday, April 25, 2010
58. JCE Strength
Strong strength included in all JREs
Sunday, April 25, 2010
59. JCE Strength
Strong strength included in all JREs
Unlimited strength is a separate download
available based on US export rules
Sunday, April 25, 2010
63. Worldwide Policy
// File: default_local.policy
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", 2048;
permission javax.crypto.CryptoPermission *, 128;
};
Sunday, April 25, 2010
64. Max Key Sizes
Algorithm Max Key Size
DES 64
DESede 168
3des
RC2 128
RC4 128
RC5 128
RSA 2048
Others 128
Sunday, April 25, 2010
65. Digests &
Hashes
One way functions
Sunday, April 25, 2010
66. What is a Digest?
Small set of bytes representing a large
message
Small change in message = large change in
digest
Integrity check for large data
Password storage mechanism
Sunday, April 25, 2010
74. MessageDigest
! MD5
! U. S. Department of Homeland Security
said MD5
"considered cryptographically broken and
unsuitable for further use"
Sunday, April 25, 2010
75. System.out.println("Message1 SHA1 digest: "
+ shaAndBase64Encode(message1));
System.out.println("Message2 SHA1 digest: "
+ shaAndBase64Encode(message2));
}
/**
* Helper function to both SHA-1 hash and
* base64 encode the resulting bytes to a String
*/
public static String shaAndBase64Encode(String message)
throws NoSuchAlgorithmException {
MessageDigest sha = MessageDigest.getInstance("SHA-1");
//Salt could be applied here
//Integer salt = <some random number generator>
//sha.update(salt.getBytes());
byte[] digest = sha.digest(message.getBytes());
return new sun.misc.BASE64Encoder().encode(digest);
}
}
Sunday, April 25, 2010
76. *
* Demonstrate that very similar messages
* have radically different hashes.
*/
public class MessageDigestSHA
{
public static void main( String[] args )
throws NoSuchAlgorithmException
{
//Set up the message to be encoded
String message1 = "Four score and seven years ago";
String message2 = "Four score and seven tears ago";
System.out.println("Message1 SHA1 digest: "
+ shaAndBase64Encode(message1));
System.out.println("Message2 SHA1 digest: "
+ shaAndBase64Encode(message2));
}
/**
* Helper function to both SHA-1 hash and
* base64 encode the resulting bytes to a String
*/
public static String shaAndBase64Encode(String message)
throws NoSuchAlgorithmException {
MessageDigest sha = MessageDigest.getInstance("SHA-1");
Sunday, April 25, 2010
77. Input
String message1 = "Four score and seven years ago";
String message2 = "Four score and seven tears ago";
Result
Message1 SHA1 digest: DmCJIg4Bq/xpGIxVXxo3IB0vo38=
Message2 SHA1 digest: oaLHt8tr31ttngCDjyYuWowF5Mc=
Sunday, April 25, 2010
78. SYMMETRIC
My key is your key
Sunday, April 25, 2010
79. SYMMETRIC
My key is your key
Sunday, April 25, 2010
93. Symmetric Problems
Keys vulnerable to capture
Eavesdropping on future communications
after key compromise
Sunday, April 25, 2010
94. Symmetric Problems
Keys vulnerable to capture
Eavesdropping on future communications
after key compromise
Key distribution challenges
Sunday, April 25, 2010
95. Symmetric Problems
Keys vulnerable to capture
Eavesdropping on future communications
after key compromise
Key distribution challenges
Triangular number key growth
Sunday, April 25, 2010
96. Symmetric Problems
! Triangular number key growth
Sunday, April 25, 2010
109. Block
Predefined content length
Sunday, April 25, 2010
110. Block
Predefined content length
Well-known end to the content
Sunday, April 25, 2010
111. Block
Predefined content length
Well-known end to the content
Files on disk
Sunday, April 25, 2010
112. Block
Predefined content length
Well-known end to the content
Files on disk
Inefficient when padding
Sunday, April 25, 2010
113. DES
Data Encryption Standard
Block cipher
Banking industry
DES is known to be broken
Sunday, April 25, 2010
114. 3DES
Data Encryption Standard
Block cipher
a.k.a DESede
Basically three passes of DES
Reasonably strong
Sunday, April 25, 2010
115. Blowfish
Block cipher
Unpatented (intentionally)
Secure replacement for DES
Faster than DES
32 to 448 bit keys
Overshadowed by AES
Sunday, April 25, 2010
116. AES
Advanced Encryption Standard
Block cipher
Government standard
Rijndael algorithm
(Joan Daemen, Vincent Rijmen)
4 years of evaluation
Final in December 2000
Very Secure
Sunday, April 25, 2010
126. RC4
Rivest’s Code 4
Stream cipher
Trademarked (name, but not algorithm)
Sunday, April 25, 2010
127. RC4
Rivest’s Code 4
Stream cipher
Trademarked (name, but not algorithm)
Used by
Sunday, April 25, 2010
128. RC4
Rivest’s Code 4
Stream cipher
Trademarked (name, but not algorithm)
Used by
Browsers in SSL, TLS
Sunday, April 25, 2010
129. RC4
Rivest’s Code 4
Stream cipher
Trademarked (name, but not algorithm)
Used by
Browsers in SSL, TLS
WiFi in WEP WPA
,
Sunday, April 25, 2010
130. RC4
Rivest’s Code 4
Stream cipher
Trademarked (name, but not algorithm)
Used by
Browsers in SSL, TLS
WiFi in WEP WPA
,
BitTorrent
Sunday, April 25, 2010
131. RC4
Rivest’s Code 4
Stream cipher
Trademarked (name, but not algorithm)
Used by
Browsers in SSL, TLS
WiFi in WEP WPA
,
BitTorrent
ssh
Sunday, April 25, 2010
132. RC4
Rivest’s Code 4
Stream cipher
Trademarked (name, but not algorithm)
Used by
Browsers in SSL, TLS
WiFi in WEP WPA
,
BitTorrent
ssh
Microsoft RDP
Sunday, April 25, 2010
133. RC4
Rivest’s Code 4
Stream cipher
Trademarked (name, but not algorithm)
Used by
Browsers in SSL, TLS
WiFi in WEP WPA
,
BitTorrent
ssh
Microsoft RDP
PDF
Sunday, April 25, 2010
138. A5/1
A5/1
Secret, unpublished
Reverse engineered
Used by GSM phones
Sunday, April 25, 2010
139. import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import sun.misc.BASE64Encoder;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SymmetricEncrypt
{
public static void main( String[] args )
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException
{
final String message1 = "Four score and seven years ago";
Sunday, April 25, 2010
140. import sun.misc.BASE64Encoder;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SymmetricEncrypt
{
public static void main( String[] args )
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException
{
final String message1 = "Four score and seven years ago";
//Build a new encryption key
final KeyGenerator keyGen = KeyGenerator.getInstance("DESede");
keyGen.init(168);
final SecretKey desKey = keyGen.generateKey();
//Set up the cipher
final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
//////////////////////////////////////
//Put the cipher in encryption mode
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
//Encrypt and output the base64 data
byte[] clearText = message1.getBytes();
byte[] encryptedBytes = desCipher.doFinal(clearText);
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
Sunday, April 25, 2010
141. final String message1 = "Four score and seven years ago";
//Build a new encryption key
final KeyGenerator keyGen = KeyGenerator.getInstance("DESede");
keyGen.init(168);
final SecretKey desKey = keyGen.generateKey();
//Set up the cipher
final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
//////////////////////////////////////
//Put the cipher in encryption mode
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
//Encrypt and output the base64 data
byte[] clearText = message1.getBytes();
byte[] encryptedBytes = desCipher.doFinal(clearText);
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);
//////////////////////////////////////
//Put the cipher in decryption mode
desCipher.init(Cipher.DECRYPT_MODE, desKey);
//Decrypt and output the original string
byte[] decryptedBytes = desCipher.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}
}
Sunday, April 25, 2010
142. //Set up the cipher
final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
//////////////////////////////////////
//Put the cipher in encryption mode
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
//Encrypt and output the base64 data
byte[] clearText = message1.getBytes();
byte[] encryptedBytes = desCipher.doFinal(clearText);
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);
//////////////////////////////////////
//Put the cipher in decryption mode
desCipher.init(Cipher.DECRYPT_MODE, desKey);
//Decrypt and output the original string
byte[] decryptedBytes = desCipher.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}
}
Sunday, April 25, 2010
143. Input
String message1 = "Four score and seven years ago";
Result
Encrypted text: P0FT6N3XXrohtsz7OLh3FGYY0wErkPIur1DP6Csbj4g=
Decrypted text: Four score and seven years ago
Sunday, April 25, 2010
144. ENCRYPTED = SAFE,
RIGHT?
information leakage from encrypted data
Sunday, April 25, 2010
145. ENCRYPTED = SAFE,
RIGHT?
information leakage from encrypted data
Sunday, April 25, 2010
146. Encrypted isn’t enough?
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Sunday, April 25, 2010
152. Diffie-Hellman
Key Agreement Protocol
Sunday, April 25, 2010
153. Diffie-Hellman
Key Agreement Protocol
Alice & Bob independently generate the shared
(session) key
Sunday, April 25, 2010
154. Diffie-Hellman
Key Agreement Protocol
Alice & Bob independently generate the shared
(session) key
Published 1976, but invented earlier
Sunday, April 25, 2010
155. Diffie-Hellman
Key Agreement Protocol
Alice & Bob independently generate the shared
(session) key
Published 1976, but invented earlier
Vulnerable to MITM attack
Sunday, April 25, 2010
156. Diffie-Hellman
Key Agreement Protocol
Alice & Bob independently generate the shared
(session) key
Published 1976, but invented earlier
Vulnerable to MITM attack
Fixed by PKI
Sunday, April 25, 2010
157. Diffie-Hellman
Key Agreement Protocol
Alice & Bob independently generate the shared
(session) key
Published 1976, but invented earlier
Vulnerable to MITM attack
Fixed by PKI
and signing the agreed key
Sunday, April 25, 2010
159. DH Diagrammed
predetermined and openly shared
A B
Sunday, April 25, 2010
160. DH Diagrammed
predetermined and openly shared
g = random
g = 11
A B
Sunday, April 25, 2010
161. DH Diagrammed
predetermined and openly shared
g = random p = prime
g = 11 p = 23
A B
Sunday, April 25, 2010
162. DH Diagrammed
predetermined and openly shared
g = random p = prime
g = 11 p = 23
picks a = 6 picks b = 4
A B
Sunday, April 25, 2010
163. DH Diagrammed
predetermined and openly shared
g = random p = prime
g = 11 p = 23
picks a = 6 picks b = 4
A A= ga mod p B B= gb mod p
Sunday, April 25, 2010
164. DH Diagrammed
predetermined and openly shared
g = random p = prime
g = 11 p = 23
picks a = 6 picks b = 4
A A= ga mod p B B= gb mod p
9=116 mod 23 13=114 mod 23
Sunday, April 25, 2010
165. DH Diagrammed
predetermined and openly shared
g = random p = prime
g = 11 p = 23
picks a = 6 picks b = 4
A A= ga mod p B B= gb mod p
9=116 mod 23 13=114 mod 23
B=13 A=9
Sunday, April 25, 2010
166. DH Diagrammed
predetermined and openly shared
g = random p = prime
g = 11 p = 23
picks a = 6 picks b = 4
A A= ga mod p B B= gb mod p
9=116 mod 23 13=114 mod 23
B=13 A=9
K= Ba mod p K= Ab mod p
Sunday, April 25, 2010
167. DH Diagrammed
predetermined and openly shared
g = random p = prime
g = 11 p = 23
picks a = 6 picks b = 4
A A= ga mod p B B= gb mod p
9=116 mod 23 13=114 mod 23
B=13 A=9
K= Ba mod p K= Ab mod p
6= 136 mod 23 6= 94 mod 23
Sunday, April 25, 2010
168. DH Diagrammed
predetermined and openly shared
g = random p = prime
g = 11 p = 23
picks a = 6 picks b = 4
A A= ga mod p B B= gb mod p
9=116 mod 23 13=114 mod 23
B=13 A=9
K= Ba mod p K= Ab mod p
6= 136 mod 23 6= 94 mod 23
Encryption can begin
Sunday, April 25, 2010
171. SecureRandom
java.security.SecureRandom
Cryptographically strong random number
generator (RNG)
“Unable to distinguish from a true random
source”
Used in combination with many ciphers
Sunday, April 25, 2010
172. package com.ambientideas;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SecureRandomNumber
{
public static void main( String[] args ) throws
NoSuchAlgorithmException
{
//Do the expensive one time setup of the
Sunday, April 25, 2010 // random number generator instance
173. import java.security.SecureRandom;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SecureRandomNumber
{
public static void main( String[] args ) throws
NoSuchAlgorithmException
{
//Do the expensive one time setup of the
// random number generator instance
SecureRandom prng = SecureRandom.getInstance("SHA1PRNG");
//Get the next random number
String randomNum = new Integer( prng.nextInt() ).toString();
System.out.println("Random number: " + randomNum);
}
}
Sunday, April 25, 2010
174. * a more expensive, but cryptographically secure random number.
*/
public class SecureRandomNumber
{
public static void main( String[] args ) throws
NoSuchAlgorithmException
{
//Do the expensive one time setup of the
// random number generator instance
SecureRandom prng = SecureRandom.getInstance("SHA1PRNG");
//Get the next random number
String randomNum = new Integer( prng.nextInt() ).toString();
System.out.println("Random number: " + randomNum);
}
}
Sunday, April 25, 2010
175. Result
Random number: 1633471380
Sunday, April 25, 2010
176. ASYMMETRIC
Throwing away keys
faster than an intern locksmith
Sunday, April 25, 2010
177. ASYMMETRIC
Throwing away keys
faster than an intern locksmith
Sunday, April 25, 2010
190. import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import sun.misc.BASE64Encoder;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random
number.
Sunday, April 25, 2010
191. public static void main( String[] args ) throws
NoSuchAlgorithmException, NoSuchProviderException,
IOException, NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException
{
final String message1 = "Four score and seven years ago";
// Generate the Key Pair
final KeyPairGenerator keyGen =
KeyPairGenerator.getInstance("RSA");
final SecureRandom random =
SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
KeyPair pair = keyGen.generateKeyPair();
final PrivateKey privKey = pair.getPrivate();
final PublicKey pubKey = pair.getPublic();
//Encrypt using the private key
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, privKey);
byte[] encryptedBytes = rsa.doFinal(message1.getBytes());
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
Sunday, April 25, 2010
192. KeyPair pair = keyGen.generateKeyPair();
final PrivateKey privKey = pair.getPrivate();
final PublicKey pubKey = pair.getPublic();
//Encrypt using the private key
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, privKey);
byte[] encryptedBytes = rsa.doFinal(message1.getBytes());
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);
//Decrypt using the private key
rsa.init(Cipher.DECRYPT_MODE, pubKey);
byte[] decryptedBytes = rsa.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}
}
Sunday, April 25, 2010
193. final PublicKey pubKey = pair.getPublic();
//Encrypt using the private key
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, privKey);
byte[] encryptedBytes = rsa.doFinal(message1.getBytes());
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);
//Decrypt using the private key
rsa.init(Cipher.DECRYPT_MODE, pubKey);
byte[] decryptedBytes = rsa.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}
}
Sunday, April 25, 2010
194. Input
String message1 = "Four score and seven years ago";
Result
Encrypted text: A8Is+4r7sDn28fD6IQvZiR5JxPs/vh7UnXrF38acJt6R/
ARisj/zLtC7Xn6iJgNQPhc16wkVZhCF
em7oNoim+ooTUDDZQ+E3qP6y/
DZJGkLBoZuZVLeLAW1LUtHSzduRUOg1uMynJz14wxzwfV8wfRwf
atpySkOhGqWS63bPNRs=
Decrypted text: Four score and seven years ago
Sunday, April 25, 2010
195. BLENDED
symmetric with a twist of asymmetric
Sunday, April 25, 2010
196. BLENDED
symmetric with a twist of asymmetric
Sunday, April 25, 2010
205. PGP
Random generated
256 bit symmetric key
A B
Message/File
Sunday, April 25, 2010
206. PGP
Random generated
256 bit symmetric key
Encrypted with
256 bit symmetric key
A B
Message/File
Sunday, April 25, 2010
207. PGP
B’s
2048 bit
public key Random generated
256 bit symmetric key
Encrypted with
256 bit symmetric key
A B
Message/File
Sunday, April 25, 2010
208. PGP
Encrypted with
2048 bit RSA key
Random generated
256 bit symmetric key
Encrypted with
256 bit symmetric key
A B
Message/File
Sunday, April 25, 2010
209. PGP
Encrypted with
2048 bit RSA key
Random generated
256 bit symmetric key
Encrypted with
256 bit symmetric key
A B
Message/File
Sunday, April 25, 2010
210. PGP
Encrypted with
2048 bit RSA key
B’s
2048 bit
Random generated private key
256 bit symmetric key
Encrypted with
256 bit symmetric key
A B
Message/File
Sunday, April 25, 2010
211. PGP
Random generated
256 bit symmetric key
Encrypted with
256 bit symmetric key
A B
Message/File
Sunday, April 25, 2010
214. OTHER FRAMEWORKS
and alternative JCE providers
Sunday, April 25, 2010
215. OTHER FRAMEWORKS
and alternative JCE providers
Sunday, April 25, 2010
216. Bouncy Castle
JCE Provider
Many more encryption and digest
algorithms than the Sun provider (AES)
Sunday, April 25, 2010
217. Jasypt
Frictionless Java encryption
Sunday, April 25, 2010
218. Gnu
Open source library
Sunday, April 25, 2010
219. In Summary
Encrypted does not guarantee security
ECB can be leaky
Hash vs. Encrypt
Know when to apply each
Know your algorithm
Key strength
Symmetric versus asymmetric
High Level Libraries
More productive than pure JCE
Sunday, April 25, 2010
220. Th anks in advanc e for
yo ur com pleted evals!
Sunday, April 25, 2010
221. OT CA MP
TI ON BOission
RYPrity is the M
ENC cu
Se
Matthew McCullough
Email matthewm@ambientideas.com
Twitter @matthewmccull
Blog http://ambientideas.com/blog
Sunday, April 25, 2010
229. Major Encryption Types
Pre-agreed Phrases (Concept)
Simplest form of symmetric encryption.
Have to meet in person to pass keys around
DHM Key Exchange (Concept, Algorithm)
Requires both parties to be online
This is a drawback
RSA (Algorithm)
Added asynchronous behavior with pub priv keys
Keys are permanent (not generated each time)
PGP (Concept, Algorithm)
Added speed to RSA by encrypting the payload
Sunday, April 25, 2010
230. Data Integrity
Checksums needed
Harder to maintain with encryption?
Block versus stream cipher
Block: XOR all previous nodes
Stream: XOR some “forward” packets
Recovery once one packet is lost?
Sunday, April 25, 2010
231. Replay Attacks
Consider vulnerability to replay
Problem: ECB (block) mode
Same packet encrypted next time looks
the same
Hardening: XOR to protect
Still vulnerable to entire stream replay
Entire stream hard to capture
Sunday, April 25, 2010